I am submitting for review and not sure about the Export Compliancequestion Is your app designed to use cryptography or does it contain or incorporate cryptography? (Select Yes even if your app is only utilizing the encryption available in iOS or macOS.) The only internet function in my app is using Facebook Loginon first screen for users to register and login. And I use Firebase as backend. So do I need to select Yes?

If I should pick Yes for first question, then second question Does your app qualify for any of the exemptions provided in Category 5, Part 2 of the U.S. Export Administration Regulations? I should also pick Yes, right? Thanks!

If the only use is an https connection to Facebook I would answer no. At WWDC16 I specifically asked this question twice of the security team and was told that they did not consider HTTPS to be encryption for this question.

More:

New U.S. legislation went into effect on September 20th, 2016. The new regulation removes the requirement to register your app simply because it uses encryption.

Some links to the 2016-09-20 changes: Changes to BIS's information security controls bring relaxed controls, removal of registration requirement Dentons, US Implements Regulation Changes for Encryption Products, Software and Technology Shadden, Export Administration Regulation (EAR) BIS.

Note that other countries also have regulations covering sale of encryption including France.

How this affects answering the Apple question is unclear. If my app used encryption directly (my API calls directly to AES for example) I would answer "yes" and supply the above information.

Disclaimer: This is not legal advice.